Benefit Plan Data Security—Whose Job Is It, Anyway?

While data privacy has become a major concern for organizations with respect to their core business operations, benefit plans can fall outside their focus. The sensitive nature of information stored (SSNs, DOBs, financial and medical information, bank account details and beneficiary information), large amounts of money involved and prevalence of sharing data with third-party vendors makes benefit plan data particularly alluring to cyberhackers.

In a recent International Foundation member webcast, Managing Cybersecurity Risks in Benefit Plan Administration, Kristen Mathews and Robert Projansky of Proskauer Rose LLP shared a list of proactive actions employers and plans can take to manage risk and who should manage each. Spoiler alert—Placing all of the responsibility solely on your technology team was not recommended.

Throughout the webcast, Projansky and Mathews shared tips and very compelling examples of “this could happen to you.” A common theme shined through—Cybersecurity is everyone’s responsibility. It’s important to have a plan and a well-trained team, both internally and with your vendors.

Internal Team—Who is responsible for each part of strategy implementation?

Cybersecurity is an ongoing effort that must evolve along with rapidly changing laws in the area. From your internal teams to your vendors to your plan participants, it is critical to know each individual’s role in keeping benefits data protected. Having an understanding of the risk and advance planning can help to avoid challenging issues in the future.

Ann Godsell, CEBS Director, Social Media and Content Marketing at the International Foundation